
Denial of service vulnerabilities in commercial vehicles: exploiting diagnostic protocol flaws

dc.contributor.author: Green, Carson, author
dc.contributor.author: Chatterjee, Rik, author
dc.contributor.author: Daily, Jeremy, author
dc.contributor.author: ACM, publisher
dc.date.accessioned: 2025-12-22T19:14:54Z
dc.date.available: 2025-12-22T19:14:54Z
dc.date.issued: 2025-08-04
dc.description.abstract: Commercial vehicles are a vital component of modern logistics and transportation, forming part of the critical infrastructure and representing safety-critical cyber-physical systems. Contemporary automotive operations are dominated by embedded computing systems that engage through standardized protocols, which constitute the infrastructure of vehicular communication networks. Within the commercial vehicle sector, these systems utilize high-level protocols that operate over the Controller Area Network (CAN) protocol for internal exchanges in medium and heavy-duty vehicles. The Unified Diagnostics Services (UDS) protocol, as described in International Standards Organization (ISO) 14229 (Unified Diagnostic Services - UDS) and ISO 15765 (Diagnostic Communication over CAN), plays a pivotal role by providing vital diagnostic capabilities. This research introduces four specific scenarios that expose deficiencies in the diagnostic protocol standards and how these can be manipulated to initiate attacks on in-vehicle computers within commercial vehicles, circumventing existing security frameworks. In the first three scenarios, we demonstrate three flaws within the ISO 14229 protocol standards. Following this, the fourth and final scenario elucidates a flaw unique to the ISO 15765 protocol standards. For the purpose of demonstration, test setups incorporating actual Electronic Control Units (ECUs) linked to a CAN bus were employed. Further experiments were performed using a fully equipped cab assembly from a 2018 Freightliner Cascadia truck, set up as a testing environment. The experimental outcomes demonstrate how attacks targeting these specific protocols can undermine the integrity of individual ECUs, leading to denial of service. Additionally, within the Freightliner Cascadia configuration, a network architecture typical of contemporary vehicles was observed, featuring a gateway unit that isolates internal ECUs from diagnostic interfaces. Although this gateway is engineered to prevent conventional message injection and spoofing attacks, it permits all diagnostic communications. This selective permeability inadvertently introduces a susceptibility to diagnostic protocol flaws, highlighting an essential area for security improvements within commercial vehicle networks. These insights are vital for engineers and developers tasked with integrating the diagnostic protocols into their network subsystems, underscoring the urgency for improved security provisions.
dc.format.medium: born digital
dc.format.medium: articles
dc.identifier.bibliographicCitation: Carson Green, Rik Chatterjee, and Jeremy Daily. 2025. Denial of Service Vulnerabilities in Commercial Vehicles: Exploiting Diagnostic Protocol Flaws. ACM Trans. Cyber-Phys. Syst. Just Accepted (August 2025). https://doi.org/10.1145/3760787
dc.identifier.doi: https://doi.org/10.1145/3760787
dc.identifier.uri: https://hdl.handle.net/10217/242563
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: Publications
dc.relation.ispartof: ACM DL Digital Library
dc.rights: ©Carson Green, et al. ACM 2025. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ACM Trans. Cyber-Phys. Syst. 2025, https://doi.org/10.1145/3760787.
dc.subject: unified diagnostic services
dc.subject: commercial vehicle networks
dc.subject: protocol vulnerabilities
dc.subject: denial of service attacks
dc.subject: electronic control units
dc.title: Denial of service vulnerabilities in commercial vehicles: exploiting diagnostic protocol flaws
dc.type: Text
dc.type: Image

Files

Original bundle

Name: FACF_ACMOA_3760787.pdf
Size: 1.24 MB
Format: Adobe Portable Document Format
